On Tue, Dec 27, 2011 at 2:00 PM, Tim van Deurzen <[email protected]> wrote:
> Hi,
>
> I've just installed Tracks 2.1 devel 0 on my Gentoo machine. Now my
> problem is the following:
>
> When I look at the 'production.log' file I can see users' passwords in
> plain text. I have spent the better part of two hours trying to find
> some configuration setting or distinct logging setting to disable this.
> However, I've come up blank. Is this a bug, a feature or a security hole
> and how do I fix it?
>
>
> Kind regards,
>
> Tim.
Hi Tim,
Could you be a bit more specfic about what you're seeing in the logs
and where you're seeing it? For example, when I log in, this is what i
see in my production.log file.
Processing LoginController#login (for 127.0.0.1 at 2012-01-10 10:05:26) [POST]
Parameters: {"user_login"=>"admin", "action"=>"login",
"authenticity_token"=>"j0x/fd15ORwIwUYAXkcHfRxoRX5sDSujk723B4nRA64=",
"controller"=>"login", "user_password"=>"[FILTERED]",
"user_noexpiry"=>"on", "login"=>"Sign in ยป"}
Redirected to http://localhost:3001/
Completed in 246ms (DB: 1) | 302 Found [http://localhost/login]
Thanks,
Matt
_______________________________________________
Tracks-discuss mailing list
[email protected]
http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
